Good point. (I sent these in a follow-on post that hasn't shown up yet. I'm
also having an issue with reloading a slapd .ldif file from the previous server
to this one. It's giving me an 'insufficient privileges' access area and
telling me I don't have permissions to the parent. So.... I really need to
figure this out.... I've done this quite a few times and now I'm having an
issue.)
I have to assume that I don't have access to example.com or its children. I
just don't understand what I'm missing.
TY!
P.
ldap.conf:
BASE dc=example,dc=com

slapd.conf:
access to attrs=userPassword
    by self write
    by anonymous auth
    by dn="uid=syncuser,dc=hq,dc=example,dc=com" read
    by * compare
access to attrs=sambaLMPassword,sambaNTPassword
    by dn="uid=syncuser,dc=hq,dc=example,dc=com" read
    by * none
access to *
    by self write
    by * read
access to dn.subtree="dc=hq,dc=example,dc=com"
    by self write
    by set="[cn=itlevel1,ou=Groups,dc=hq,dc=example,dc=com]/member* & user" write
    by set="[cn=ntadmins,ou=Groups,dc=hq,dc=example,dc=com]/member* & user" write
    by * break
authz-regexp "gidNumber=0\\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
    "cn=root,dc=hq,dc=example,dc=com"
database mdb
suffix "dc=hq,dc=example,dc=com"
rootdn "cn=root,dc=hq,dc=example,dc=com"
On Tuesday, September 10, 2019, 2:13:01 AM EDT, Ulrich Windl
<[email protected]> wrote:
>>> Paul Pathiakis <[email protected]> wrote on 09.09.2019 at 16:38 in
message <[email protected]>:
> Hi,
> I am trying to figure out all the various passwords and access controls.
> I seem unable to get my previously documented systems/configurations to
> work.
> I understand that slaptest is supposed to convert my slapd.conf to a new
> configuration and everything should be fine going forward.
> However, I'm having various password and access issues.
> Basically,
> I use my ldap.conf file and everything seems good.
> I start slapd and it works fine.
> I perform an ldap search and everything seems fine as it returns my domain.
> After that, I try to import my memberof.ldif file and it gives me an access
> issue.
> ldapadd -f /etc/openldap/memberof.ldif -v -D "cn=config" -H
> ldap://192.168.2.113 -W -c
>
> dn: cn=module,cn=config
> cn: module
> objectClass: olcModuleList
> objectclass: top
> olcModuleLoad: memberof.la
> olcModulePath: /usr/lib64/openldap
>
> dn: olcOverlay=memberof,olcDatabase={0}config,cn=config
> objectclass: olcconfig
> objectclass: olcMemberOf
> objectclass: olcoverlayconfig
> objectclass: top
> olcoverlay: memberof
>
> ldap_initialize( ldap://192.168.2.113:389/??base )
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
>
> Obviously, that's a password problem. My question is why?
> What step did I miss in my documentation?
Hard to say without knowing your ACL rules.
> Thank you!
> P.
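The slapd.conf quoted above raises the question of which of its access directives actually decides a given request. Per slapd.access(5), slapd uses the first "access to" directive whose <what> matches the target, then the first "by" clause in it whose <who> matches the requester; "break" moves on to the next directive, and anything unmatched is denied. The Python model below is an added example written for this thread, not code from either poster or from the OpenLDAP project: it encodes the four access directives in the mail order, evaluates sample requests against them, and shows what changes when the dn.subtree directive is listed before the "access to *" catch-all. Group membership for the set= clauses, the user DNs (alice, bob) and the group contents are constructed, and set matching and DN comparison are simplified to plain string checks.

```python
"""Model of slapd 'access to <what> by <who> <level> [control]' evaluation.

Rules modelled (from slapd.access(5)):
  * directives are tried in order; the first whose <what> matches is used,
  * inside it, 'by' clauses are tried in order; the first matching <who>
    decides, with control 'stop' unless 'break' is written,
  * 'break' abandons this directive and continues with the next one,
  * no match at all means denial (implicit 'by * none').
Group membership and DN matching are constructed simplifications.
"""
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

HQ = "dc=hq,dc=example,dc=com"
SYNC = "uid=syncuser," + HQ
IT1 = "cn=itlevel1,ou=Groups," + HQ
NTADM = "cn=ntadmins,ou=Groups," + HQ
ALICE = "uid=alice,ou=People," + HQ   # constructed: a member of itlevel1
BOB = "uid=bob,ou=People," + HQ       # constructed: an ordinary user entry

GROUPS = {IT1: {ALICE}, NTADM: set()}  # constructed 'member' values

def in_subtree(entry_dn, base):
    return entry_dn == base or entry_dn.endswith("," + base)

# <what> matchers; a request is {"target": dn, "attr": name or None, "who": dn or ""}
def attrs(*names):
    return lambda r: r["attr"] in names
def subtree(base):
    return lambda r: in_subtree(r["target"], base)
def anything(r):
    return True

# <who> matchers
def self_(r):
    return r["who"] != "" and r["who"] == r["target"]
def anonymous(r):
    return r["who"] == ""
def dn(exact):
    return lambda r: r["who"] == exact
def group_set(group_dn):   # stands in for set="[group]/member* & user"
    return lambda r: r["who"] in GROUPS.get(group_dn, set())
def everyone(r):
    return True

def evaluate(acl, request):
    """Return (granted level, index of the directive that decided it)."""
    for i, (what, by_clauses) in enumerate(acl):
        if not what(request):
            continue                      # <what> does not match: next directive
        for who, level, control in by_clauses:
            if not who(request):
                continue
            if control == "break":
                break                     # leave this directive, try the next
            return level, i               # default control is 'stop'
        else:
            return "none", i              # matched <what> but no <who>: denied
    return "none", None                   # implicit 'access to * by * none'

def allowed(acl, request, needed):
    level, _ = evaluate(acl, request)
    return LEVELS.index(level) >= LEVELS.index(needed)

# The four directives from the mail, in the order they were posted.
PASSWORD = (attrs("userPassword"),
            [(self_, "write", "stop"), (anonymous, "auth", "stop"),
             (dn(SYNC), "read", "stop"), (everyone, "compare", "stop")])
SAMBA = (attrs("sambaLMPassword", "sambaNTPassword"),
         [(dn(SYNC), "read", "stop"), (everyone, "none", "stop")])
CATCH_ALL = (anything, [(self_, "write", "stop"), (everyone, "read", "stop")])
HQ_TREE = (subtree(HQ),
           [(self_, "write", "stop"), (group_set(IT1), "write", "stop"),
            (group_set(NTADM), "write", "stop"), (everyone, "none", "break")])

ACL_AS_POSTED = [PASSWORD, SAMBA, CATCH_ALL, HQ_TREE]
ACL_SPECIFIC_FIRST = [PASSWORD, SAMBA, HQ_TREE, CATCH_ALL]  # subtree rule before '*'

def helpdesk_edit(acl):
    """Can alice (itlevel1 member) write bob's mail attribute?"""
    return allowed(acl, {"target": BOB, "attr": "mail", "who": ALICE}, "write")

def deciding_directive(acl):
    return evaluate(acl, {"target": BOB, "attr": "mail", "who": ALICE})[1]

def anon_reads_password(acl):
    return allowed(acl, {"target": BOB, "attr": "userPassword", "who": ""}, "read")

if __name__ == "__main__":
    for name, acl in (("as posted", ACL_AS_POSTED), ("subtree first", ACL_SPECIFIC_FIRST)):
        print(f"{name:14} itlevel1 member may edit bob: {helpdesk_edit(acl)} "
              f"(decided by directive #{deciding_directive(acl)})")
```

With the posted order, a request by an itlevel1 member to modify another entry under dc=hq is decided by "access to *" (directive #2), which grants only read, so the dn.subtree directive with its set= clauses is never consulted. Listing the subtree directive first lets the group clause grant write, and its "by * break" still falls through to the catch-all for everyone else, which is why the model answers read for an anonymous lookup of cn in that case.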